package com.free.semantic.web.config;

import org.apache.catalina.connector.Connector;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class TomcatSSLConfig {

    @Bean
    public WebServerFactoryCustomizer<TomcatServletWebServerFactory> sslCustomizer() {
        return factory -> {
            factory.addConnectorCustomizers((Connector connector) -> {
                connector.setProperty("sslEnabledProtocols", "TLSv1.2,TLSv1.3");
                connector.setProperty("SSLVerifyClient", "none");
                // 强制发送完整证书链（Tomcat 默认已支持）
                connector.setProperty("sendFullChain", "true"); // 确保中间证书发送
            });
        };
    }
}